Hacking Medical Devices

Johnson & Johnson recently disclosed that one if its insulin pumps might be subject to hacking.   This follows assertions about pacemakers and implanted defibrillators might also be subject to attack.  No doubt some wireless medical devices will have security vulnerabilities with at least software if not hardware attack vectors.

The motives for attack are perhaps equally important in any case. Hacking a fleet of cars can have widespread visibility and will be associated with a different set of motives than a personal attack via a medical device.  However, murder or assassination are potential uses for these types of flaws.

“No instances of medical-device hacking have been disclosed.” according to the related WSJ article. Of course, when a diabetic dies of an insulin excess or deficit, murder by hacking might not be on the post mortum evaluation list.  The abuses here are (hopefully) rare, but the lack of disclosure does not imply the lack of a successful attack.

Cell Phone WiFi Used to Track Your Location

The 14 Jan Wall St. Journal has an article noting that your cell phone is being used to track where you are, and not by the cell phone provider (well, ok, they do as well, but using the cell-tower location process).  This tracking occurs when you have  your WiFi enabled and pass a detection device.  Turnstyle Solutions and Apple iBeacon (BlueTooth) provide devices placed by shop-owners and others to detect, record and report your location.  Turnstyle works with your devices WiFi MAC address, and iBeacon with iOS on your phone. iBeacon provides location data for Aps, but also for the host location.

The good: Knowing you are there may allow you to pay for goods at checkout without having to get out your credit card.  It may provide you with immediate “discount coupons” or other offers.   The Apple concept with BlueTooth is promoted as a way to provide ‘fine tuned’ personal (identifiable) services such as payment, or any other service that your phone apps using location services may be able to provide.

The bad: Turnstyle is not tied to apps, your cell provider, or your phone OS. It simply uses your MAC address (which is part of the handshake that is periodically being transmitted by any WiFi device to identify possible connections.)  An intended service Turnstyle provides their customers is a composite of “what other locations your customers visit”.  A restaurant has offered branded workout shirts as a result of feedback that 250 of their customers went to the gym that month (or at least to a gym that was in the Turnstyle network.) One Turnstyle customer is quoted as saying “It would probably be better not to use this tracking system at all if we had to let people know about it.”   I find that insightful.

Turnstyle also offers free WiFi in various retail locations.  The information about your sites visited, searches, etc. can be used to further classify you as a consumer — without collecting “personally identity” information (maybe.)  Any number of combination of data-mining techniques can be used to get fairly personal here — via Apps, site usernames, email addresses disclosed, etc.

The ugly: In the context of the article, the example of a problematic location tracking might be your visits to a doctor, say the oncology clinic in a monitored area. Combine that with searches on selected drugs and diseases and what you thought was private medical information is now available, and perhaps bypassing heath privacy regulations.

Consider the “constellation” of radio beacons you either transmit or reflect.  My car keys have an RFID chip, some credit cards have these (and passports), you have unique cell phone ID, WiFi MAC address, BlueTooth id, Apps that may be sending data without your awareness, etc. While any one service may be protecting your anonymity the set of signals you transmit becomes fairly unique to you.  Connecting these with your identity is probably more a question of the abusers desire to know than it is a question of your rights or security measures.

These mechanisms can be used by paparazzi, stalkers, assassins, groupies, and other ne’er-do-wells for their nefarious purposes.

In the Harry Potter series the Marauder’s Map was used to track anyone, at least within Hogwarts. To activate this “Technology” you tapped it with a wand and declared “I solemnly swear that I am up to no good.

Where have your footprints been taking you lately? And who has been watching them?